Re: File security rights confusing



On the server:

cacls "Company Shared Folders" > c:\test.txt

F:\Company Shared Folders CRAYFISH\administrator:(OI)(CI)F
CRAYFISH\BackOffice Folder Operators:(OI)(CI)C


On the workstation:

set > c:\test.txt

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sales777\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM-0CA410C7F30
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sales777
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\IBM-0CA410C7F30
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=c:\valueadd\sapdb-all-win-32bit-i386-7_4_3_32\sapdb-all-win-32bit-i386-
7_4_3_32\y\bin;c:\valueadd\sapdb-all-win-32bit-i386-7_4_3_32\sapdb-all-win-3
2bit-i386-7_4_3_32\y\pgm;C:\Program
Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\
Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI
Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program
Files;C:\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for
Windows\services;C:\AppServ\Apache2.2\bin;C:\AppServ\php5;C:\AppServ\MySQL\b
in
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\Sales777\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\Sales777\LOCALS~1\Temp
USERDOMAIN=IBM-0CA410C7F30
USERNAME=Sales777
USERPROFILE=C:\Documents and Settings\Sales777
windir=C:\WINDOWS


net user "%UserName%" >> c:\test.txt

User name Sales777
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 1/20/2006 4:02 AM
Password expires Never
Password changeable 1/20/2006 4:02 AM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/1/2007 1:36 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.

The command completed successfully.


net user "%UserName%" 26January >> c:\test.txt

User name Sales777
Full Name
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 2/1/2007 1:41 PM
Password expires Never
Password changeable 2/1/2007 1:41 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/1/2007 1:43 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.

net user "%UserName%" >> c:\test.txt

Z:\ <Account Domain not found>(OI)(CI)F
<Account Domain not found>(OI)(CI)C


dir \\YourServer\Shared 1>>c:\test.txt 2>>&1


Volume in drive \\CRAYFISH\Shared is data
Volume Serial Number is 008D-AA54

Directory of \\CRAYFISH\Shared

02/01/2007 01:41 PM <DIR> .
02/01/2007 01:41 PM <DIR> ..
11/10/2006 09:35 AM <DIR> 01 - HR & ADMIN
02/01/2007 08:56 AM <DIR> 02 - SALES
11/22/2005 10:31 AM <DIR> 03 - ACCOUNTS
01/26/2007 01:33 PM 477 50 - SOFTWARE.lnk
12/20/2006 12:57 PM <DIR> 99 - OTHER
02/01/2007 01:41 PM 851 net_user.txt
2 File(s) 1,328 bytes
6 Dir(s) 29,774,835,712 bytes free


Note: the &1 file handle variable returned a file locked error, so it was
omitted.



"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:uc8A9z0QHHA.4060@xxxxxxxxxxxxxxxxxxxxxxx
The notebook user is on a biz trip. Will check when he gets back to office
and upload.

Thanks.


"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:OQTNp5RQHHA.4844@xxxxxxxxxxxxxxxxxxxxxxx
No, this is not caused by a virus but by an oversight on
your part. To track it down you must create a precise
report of your permission structure. Here is how you can
do it.

On the server:
- Open a Command Prompt.
- Navigate to the parent of the "Shared" folder.
- Type this command:
cacls Shared > c:\test.txt
- Paste the contents of this file into your reply.

On a workstation:
- Log on as a local administrator.
- Open a Command Prompt.
- Type the following commands:
set > c:\test.txt
net user "%UserName%" >> c:\test.txt
net user "%UserName%" 26January >> c:\test.txt
(This will change the password to "26 January".)
- Log off, then log on again as a local administrator and
open a Command Prompt, then type these commands:
net user "%UserName%" >> c:\test.txt
dir \\YourServer\Shared 1>>c:\test.txt 2>>&1
- Paste the contents of this file into your reply.


"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:%23TGo6JRQHHA.1016@xxxxxxxxxxxxxxxxxxxxxxx
The passwords are different though, that's why I can't understand how the
notebook/administrator can browse folders on server under
server/administrator. Not only can they see the shared folders, but they can
browse and see all the system folders that have shares as well.

Is this a virus?


"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:OKR$CcDQHHA.4924@xxxxxxxxxxxxxxxxxxxxxxx
As I said before, only account names / passwords
matter. SIDs don't.


"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:O0t4qLDQHHA.2468@xxxxxxxxxxxxxxxxxxxxxxx
Surely the notebook\administrator has a different SID than
server\administrator ?

Why does the server allow notebook\administrator browse files and folders
that have permissions set exclusively for server\administrator ?




"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:uLqEip6PHHA.140@xxxxxxxxxxxxxxxxxxxxxxx

"Paul" <ancientsiam@xxxxxxxxx> wrote in message
news:eFNIUJ6PHHA.404@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I have a folder on my server called "shared" and I have set full permissions
to the domain/administrator and domain/sharedusers.

The strange thing is that any notebook in my company can access this folder
by simply browsing the network, as long as the notebook users have logged in
as notebook/administrator i.e. local notebook administrator can browse the
folders on the server.

To test, if I delete the domain/administrator permissions on the network
folder, the notebook users lose their ability to browse the folders on the
server.

I had always thought that Windows 2000 server distinguishes between local
computer admin on the notebooks, and local computer admin on the server?

Windows does not care if a resource is being accessed by a
local or by a domain user. If the user presents a valid account/
password combination then he/she is given appropriate access.
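
Added example (not part of the thread): a small Python parser that turns the two cacls dumps posted above into a readable permission report and marks entries whose account name could not be resolved. The dump text is copied from the post; the function names and report layout are assumptions made for this illustration.

```python
import re

# Standard cacls abbreviations for access rights and inheritance flags.
RIGHTS = {"N": "none", "R": "read", "W": "write", "C": "change", "F": "full control"}
FLAGS = {"OI": "files inherit", "CI": "subfolders inherit", "IO": "inherit only"}

# principal, optional ':', zero or more (OI)/(CI)/(IO) groups, one right letter
ACE_RE = re.compile(
    r"^(?P<who>.+?):?(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<right>[NRWCF])$"
)

# Dumps as posted in the thread (server view, then workstation view of Z:).
SERVER_DUMP = r"""F:\Company Shared Folders CRAYFISH\administrator:(OI)(CI)F
CRAYFISH\BackOffice Folder Operators:(OI)(CI)C
"""
WORKSTATION_DUMP = r"""Z:\ <Account Domain not found>(OI)(CI)F
<Account Domain not found>(OI)(CI)C
"""

def parse_cacls(output, path):
    """Return one dict per access control entry in a cacls dump for `path`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):            # the first line carries the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                            # blank lines, status messages
            continue
        who = m.group("who").strip()
        flags = re.findall(r"\((\w\w)\)", m.group("flags"))
        aces.append({
            "principal": who,
            "resolved": not who.startswith("<"),  # "<Account Domain not found>"
            "right": RIGHTS[m.group("right")],
            "inherit": [FLAGS[f] for f in flags],
        })
    return aces

def shape(aces):
    """Rights and inheritance only, so two views of one ACL can be compared."""
    return [(a["right"], tuple(a["inherit"])) for a in aces]

if __name__ == "__main__":
    for name, dump, path in (("server", SERVER_DUMP, "F:\\Company Shared Folders"),
                             ("workstation", WORKSTATION_DUMP, "Z:\\")):
        for ace in parse_cacls(dump, path):
            note = "" if ace["resolved"] else "  [name not resolved on this machine]"
            print(f"{name}: {ace['principal']} -> {ace['right']}{note}")
```

The workstation lists the same two entries as the server, but as a non-domain machine it cannot translate the SIDs into CRAYFISH account names, so the entries can only be matched by position and rights.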













